Your Distinguished Name and Policy

Restriction: This topic applies only when the Enterprise Server feature is enabled.

When you installed the Micro Focus Security Pack, you provided details of your site, such as Common Name and Locality. All these details together are known as your Distinguished Name, and are intended to identify your site uniquely in the world. These details were put into your certificates.

Especially important is the Common Name. If this is not exactly the same as the fully qualified domain name of the machine running your SSL software, people you communicate with will get warnings that your certificate may not be valid. This field defaults to the name as known to your operating system, so you will probably not need to change it. You can, however, use wildcards in the Common Name, so that the same certificate can be used for several machines. You will need to do this if, for example, you are running a Web site with a cluster of Web servers.

The elements of the Distinguished Name (Common Name, Locality, and so on) are standard, but it's up to you as the CA to have a policy on which of them you require. You can define the policy, specifying the required elements, using the policy directive of the openssl ca function. You can specify several default groups of content within openssl.cnf, each under its own name, and refer to a group by that name as a policy. See OpenSSL Configuration File.
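
The following openssl.cnf fragment is an added example, not taken from the Security Pack's own configuration file; it shows two named policy groups and the policy directive that selects one of them. The section names policy_match and policy_anything follow the sample openssl.cnf distributed with OpenSSL, and the other CA_default settings (directories, database, key and certificate paths) are assumed to be defined elsewhere in the file.

```ini
# Constructed fragment: only the policy-related lines of openssl.cnf are shown.

[ ca ]
default_ca = CA_default

[ CA_default ]
# Policy used when "openssl ca" is run without the -policy option.
policy = policy_match

# Strict group: suits a CA that signs requests only for its own organisation.
#   match    - the field must be present and equal to the CA certificate's value
#   supplied - the field must be present; any value is accepted
#   optional - the field may be present or absent
[ policy_match ]
countryName            = match
stateOrProvinceName    = match
organizationName       = match
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

# Permissive group: only the Common Name is required.
# Select it for a single signing run with: openssl ca -policy policy_anything ...
[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
```

A request that omits a supplied field, or whose match field differs from the CA certificate, is refused at signing time. Distinguished Name fields that the selected policy group does not list are dropped from the issued certificate unless openssl ca is told to preserve them.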